Configuring Apache HDFS Encryption
Also available as:
PDF
loading table of contents...

Roll Over an Existing Key

How to roll over an existing key, when using the Ranger KMS.

Rolling over (or "rotating") a key retains the same key name, but the key will have a different version. This operation re-encrypts existing file keys, but does not re-encrypt the actual file. Keys can be rolled over at any time.

After a key is rotated in Ranger KMS, new files will have the file key encrypted by the new master key for the encryption zone.

  1. Log in to Ranger as user keyadmin, password $keyadmin.
  2. To rotate a key, click the edit button next to the key name in the list of keys:
  3. Edit the key information, and then press Save.
  4. When asked to confirm the rollover, click "OK":